Magento Security Breach – the importance of applying your security updates on time

June 09 2015

It’s been over a month since Magento announced a critical security flaw in its system, however a large number of merchants are still yet to install the patch provided.

Yet, despite being warned that the remote code execution vulnerability (identified by Check Point Software Technologies) could potentially allow unauthorised access to a Magento store, many merchants have ignored the platform’s request to secure their sites. The vulnerability is said to affect both Magento Enterprise Edition and Magento Community Edition and could give attackers control over a store and access to sensitive customer information.

Magento was quick to take action, creating a security patch that would cover up the flaw and prevent access to hackers. But of course, a patch can only work if people actually install it!

What is a security patch?

If you’re wondering what on earth we’re talking about – let us explain! A security patch is basically a piece of software that is designed to fill a hole in the security layers of another piece of software. It’s kind of like putting a plaster on a cut (only a security patch won’t fall off).

Why are patch updates important?

Patch security updates are created for a reason – they allow you to main in control and benefit from full security of the software or platform you’re using. If you don’t install a patch update, it will leave your software open to hackers, who could do anything, from taking control of your website content, to stealing customer information.

Hackers don’t wait around!

Don’t be fooled into thinking you’ve got plenty of time to install a security patch update. The sooner you do it, the more likely you are to keep your site protected! Hackers aren’t going to wait around. They’re ready to pounce on software vulnerabilities and as soon as they find an easy way in they will exploit it.

Leave it too long and hackers may end up taking control of your site or your system, uploading inappropriate content and exposing visitors to harmful software like malware and viruses.

It’s not worth the risk – trust us!

Secure your Magento store

If you haven’t already, you need to make sure you implement the new Magento security patch known as SUPEE-5344 as soon as possible. Magento is also recommending that you install the SUPEE-1533 security patch from October 2014 too, if you haven’t already.

As soon as you install the security patch, you can have the peace of mind that you’ve done everything you in your power to secure your store.

What’s your partner up to?

If you work with a Magento partner and they’ve still not applied the update, we’d urge you to ask them why. Part of their job is to keep your Magento site security intact, so if they’ve missed this security vulnerability, you should be questioning how many others they might have missed too.

If they’re not up to scratch, you’ll be wise to shop around for a new software partner and take your business elsewhere.

And it’s not just this software. Many applications require regular and timely updates to keep them secure and effective.

Hackers aren’t going to wait around to see if you patch your software. They’ll be there trying to gain access to your site, so the sooner you patch it, the better! We offer some great software solutions, expert advise and support to ensure your systems are kept up-to-date at all times.

To enable the lock down of USB ports, we employ GFI EndPointSecurity. Robert from Grant McGregor clearly had extensive knowledge and explained the features in layman’s terms and answered all the questions I had.